[
https://issues.apache.org/jira/browse/JCR-4536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151103#comment-17151103
]
Julian Reschke commented on JCR-4536:
-------------------------------------
1) I would like to restrict this to one or just a few host names; that should
be totally sufficient for your use case, right?
2) We need test coverage; there's a JCR ticket for that (will have to look it
up).
IMHO it's really important that we restrict this, so that we don't end up with
people running insecure HTTPS without knowing it.
> Feature/enable insecure https host
> ----------------------------------
>
> Key: JCR-4536
> URL: https://issues.apache.org/jira/browse/JCR-4536
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi2dav
> Reporter: Max Barrass
> Assignee: Konrad Windszus
> Priority: Major
>
> Adding support for insecure parameter to allow access to https with invalid
> certs.
> Enabling optional support for expired ssl certs when using https on
> development server with self generated certificates.
> Pull request already created and ready for review
> [https://github.com/apache/jackrabbit/pull/88]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
